Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using Cloud Email Security > What does the Status mean?
The Status column of the end-user message report includes a reason (such as Spam) and a disposition (such as Quarantined).
If a message was not delivered, the first (bold) word in this column indicates the reason why. The word below it indicates the action taken on the message, also known as the disposition of the message.
The message contains content that may be dangerous to your machine. This reason can have many sub-reasons:
Double extension file - An attachment filename has a double file extension that can be used to mask the real function of the file.
Empty archive - The message contains an empty archive file.
Executable in service message - The message is a delivery status message that contains executable content.
openrelay(block) - The message sender should not have been able to send mail via the sending mail server.
Spoofed virus - The message contains a virus. The message sender appears to have been forged.
Suspicious attachments - ThreatSeeker found a suspicious attachment $1 in the message.
Zero byte archive - The message contains an empty archive attachment. This is probably because a virus has been removed.
Zero byte executable - The message contains an empty executable attachment. This is probably because a virus has been removed.
The message contains an attachment whose extension has been renamed as configured by your policy. For example, an executable extension may have been named ".ex_" to prevent it from being executed.
*
Archive extraction failed - The service was unable to unpack an archive file and could not scan it.
*
Attachment missing filename - An attachment in the mail does not have a specified filename. This can be used to exploit some mail clients.
*
Email not multipart - The structure of the message is potentially malicious and can be used to attack some mail clients.
*
Encrypted - The message or an attachment is encrypted.
*
Expansion level exceeded - The mail contained too many levels of nested archives. Unable to scan the archive contents.
*
Filename blocked - An attachment name matched a service configured rule.
*
Filename too long - The subject contains a filename that is too long. This can be used to attack some mail clients.
*
Header blocked - The message header breaches a configured policy rule.
*
Header contains large data blocks - The message header contains a block of data longer than the permitted maximum.
*
Header length exceeds - The message header is longer than the permitted maximum. This can be used to attack some mail clients.
*
Message subject blocked - The message subject matches a service configured rule.
*
MIME type blocked - The message contains an attachment that is blocked by the configured policy.
*
Partial message body - The message cannot be scanned because it is missing parts of an attachment and has been blocked.
*
Password protected archive - The message contains a password protected archive file. This cannot be scanned therefore was blocked.
*
Potential outlook exploit - The date or subject in the message are too long. These can be used to attack mail clients like old versions of MS Outlook.
*
Signed - The message has been cryptographically signed. This message cannot be scanned and was quarantined.
*
Suspicious body characters - The message body contains binary information where it was not expected. This might be malicious.
*
Suspicious header characters - The message header contains binary information where it was not expected. This might be malicious.
*
Unroutable recipient - The email policy blocks delivery of mail to this subdomain.
*
Unroutable sender - The email policy blocks delivery of mail from users in this subdomain.
The message has been classified as spam by your email policy. Quarantined spam messages include a spam score. The higher the score, the more likely it is that the message is spam.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using Cloud Email Security > What does the Status mean?